CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46689 – soc: qcom: cmd-db: Map shared memory as WC, not WB
https://notcve.org/view.php?id=CVE-2024-46689
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage ... • https://git.kernel.org/stable/c/312416d9171a1460b7ed8d182b5b540c910ce80d •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46687 – btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
https://notcve.org/view.php?id=CVE-2024-46687
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs] Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76 Hardware name: QEMU Standard PC... • https://git.kernel.org/stable/c/852eee62d31abd695cd43e1b875d664ed292a8ca •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46686 – smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
https://notcve.org/view.php?id=CVE-2024-46686
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. Ubuntu Security Notice 7156-1 - Chenyuan... • https://git.kernel.org/stable/c/edf38e9f4269591d26b3783c0b348c9345580c3c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46685 – pinctrl: single: fix potential NULL dereference in pcs_get_function()
https://notcve.org/view.php?id=CVE-2024-46685
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can r... • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46683 – drm/xe: prevent UAF around preempt fence
https://notcve.org/view.php?id=CVE-2024-46683
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock befor... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46682 – nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
https://notcve.org/view.php?id=CVE-2024-46682
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of sc_type") states_show() relied on sc_type field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into sc_status and no longer changed sc_type to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 ... • https://git.kernel.org/stable/c/3f29cc82a84c23cfd12b903029dd26002ca825f5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46681 – pktgen: use cpus_read_lock() in pg_net_init()
https://notcve.org/view.php?id=CVE-2024-46681
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood. In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46680 – Bluetooth: btnxpuart: Fix random crash seen while removing driver
https://notcve.org/view.php?id=CVE-2024-46680
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. 1) modprobe btnxpuart 2) hciconfig hci0 reset 3) hciconfig (check hci0 interface up with valid BD address) 4) modprobe -r btnxpuart Repeat steps 1 to 4 The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), which gets scheduled after ... • https://git.kernel.org/stable/c/86d55f124b52de2ba0d066d89b766bcc0387fd72 •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46679 – ethtool: check device is present when getting link settings
https://notcve.org/view.php?id=CVE-2024-46679
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992... • https://git.kernel.org/stable/c/d519e17e2d01a0ee9abe083019532061b4438065 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46678 – bonding: change ipsec_lock from spin lock to mutex
https://notcve.org/view.php?id=CVE-2024-46678
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep, "scheduling while atomic" will be triggered when changing bond's active slave. [ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200 [ 101.055726] Modules linked in: [ 101.05... • https://git.kernel.org/stable/c/9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334 •